As organizations of all sizes navigate their plans to stave off the surge in cyber-attacks and data breaches and prepare for unforeseen disasters and regulatory fines so as not to be in the headlines, building a sensible backup and recovery strategy has become a hot topic. Success in any industry relies on productivity – and the availability of critical data is tantamount to having a productive environment in the workplace.
Deciding what backup tool is the right fit for your organization can be challenging if you haven’t vetted the landscape of native offerings and vendor solutions. It’s important to consider the investment you’re willing to make in a security posture needed to achieve adequate control over your systems, dodge fines from regulatory commissions, defend against intrusion, and recover from disaster.
When vetting vendor solutions in the marketplace, reviewing reports by independent research and analysis firms such as Forrester and Gartner can help highlight what the most reliable solutions and vendors are for your platform. Let’s take a look at the four different types of available solutions by looking at the pro’s and con’s to help you meet your backup and recovery needs.
1. Out-of-the-Box Options
Options for backup and recovery are consistently included with online platforms such as Microsoft 365 and Google Workspaces. Having a backup and recovery solution or process included with your system makes implementation and maintenance a no-brainer, which makes adoption or rapid growth in a new system more manageable. However, that doesn’t mean the capabilities of the offering will meet all of your security and recovery needs.
Cost-Effective: Most backup and recovery options are inclusive in the license agreement for the system itself. For instance, Microsoft 365 has backup and recovery services included when organizations sign up for the service. This makes budgeting for this layer of protection unnecessary!
Managed Service: The other good side of an out-of-box solution is that the service is owned and managed by the provider. This means no need for extra staff or subject matter experts to maintain the solution and field day-to-day requests.
Limitations: The big downside of an out-of-box solution is the lack of flexibility in its features. Defined operations and settings such as limited retention capabilities could rule out this option for your organization. Using Microsoft 365 as an example, native retention policies cap out at 93 days and only for certain types of content—something that won’t meet the regulatory data retention minimums for many organizations (especially in the public sector). Therefore, it may be necessary to look for options with more flexibility to fit organizational requirements. Be sure to decide if a native solution allows for the flexibility and granularity that your organization requires before settling.
2. Build It Yourself!
What better way to meet your organizational requirements than to build a custom-fit solution? Defining your method for backup, retention, and recovery can be a reasonable avenue for organizations that have the expertise to develop and maintain a proprietary toolset and can often be complementary to the out-of-box solutions available with your license agreement.
Tailored to org specifications: A solution that’s built-in house TECHNICALLY has limitless possibilities. If you can build it, you have complete autonomy over how your solution will respond to changes in scale and granularity. That said, most custom-built solutions for backup still run into environmental constants (such as throttling and API supportability) that create a ceiling for flexibility that is closely aligned with some of the available third-party solutions in the marketplace.
SME/Engineer/Support Staff: Building a solution requires staff to build, implement, maintain, and operate. There’s always the option to outsource the development and ownership of the solution, but allowing a service provider to own the solution brings in unnecessary risk.
Platform Updates and Maintenance: As the system being backed up is natively updated, chances are the custom solution will need the same attention. With Microsoft 365, a custom-built solution will require an organization to respond to changes in the system by maintaining a consistent development and maintenance cycle for their solution.
Storage Costs: If you’re building a custom solution for backup and recovery, you’ll need to consider storage options that can dynamically scale to the growth of content being protected. Chances are your organization leverages owned, on-premises storage options or subscribes to cloud providers with storage options that can be leveraged, but all cases boil down to a separate and hard-to-forecast cost to the organization.
3. Third-Party Appliance
If you have ruled out out-of-box and proprietary options, your best bet is to vet the marketplace for vendors of recommended solutions. Appliances refer to a type of solution that requires an installation and perpetual resources to ensure the solution is always functioning. The use of appliances for backup and recovery were commonplace when the bulk of our content was collaborated on in an on-premises platform such as SharePoint or stored on native infrastructure like a file share.
Own your backups: When you install an appliance, your organization generally owns that tool as long as maintenance and support agreements are not expired. Commonly your organization will be able to use the currently installed version even if support agreements aren’t renewed! That means you own your backups and can get your protected content out when needed.
DR and Retention flexibility: When you maintain and operate your appliance, you can generally do so within the guidelines of your organization. Having the flexibility to scale server resources to meet performance needs and to back up the protected content to tape and ship to an offsite storage location for disaster recovery purposes is key and not available with out-of-the-box or SaaS solutions.
Scope Considerations: Many appliances rely on services to execute backup and restore operations. With these architectural foundations, organizations may need to consider the use of service accounts to maintain connections between applications and the platform being backed up, which could be a security violation for some. Additionally, many appliances require the manual ingestion of new objects as they are created. This means the solution may require constant maintenance to ensure the most current content is protected.
Infrastructure and Maintenance: The cost of ownership of an appliance depends on an organization’s ability to leverage existing hardware or virtualization to meet their functional needs. The more resources needed to execute backup and recovery operations within the defined recovery time objective will determine costs for the manager solution. The scale of the platform being backed up combined with the retention plan for the content will influence the storage costs incurred from relying on an appliance.
Hosted Storage: As with any solution, leveraging a hosted storage provider comes with its own pros and cons. When organizations allow a managed service provider to host backups, it alleviates the need for staff to manage and maintain the infrastructure. However, this comes with the risk of needing the cooperation of your hosting provider if/when disaster strikes.
Software as a Service (SaaS) solutions are among the most popular options for protecting content today as organizations around the world move toward a cloud-first approach to IT. Organizations require the flexibility to collaborate remotely now more than ever, and in every vertical we see consistent migrations of on-premises systems to cloud platforms like Microsoft 365 and Google Workspaces. The flexibility to collaborate doesn’t stop with our content – organizations demand the same collaborative landscape with their IT solutions and are flocking toward SaaS solutions in response.
Automation: The term “as a service” generally means the solution will require very little day-to-day operation in terms of maintaining protection for all of your business-critical content. That means organizations can rely on a SaaS solution to protect any new content that gets created without having to alter or augment their backup scope. In some cases, SaaS solutions can even be configured to ingest content based on the presence of organization tags, labels, or AD property to dynamically register objects!
Role-Based Access Controls: Generally, SasS solutions allow for delegation of responsibility within the solution. This means organizations can safely and securely implement a backup/recovery process to their existing team landscape, whether they want content owners to handle recovery requests or require a more centralized (think “helpdesk”) authority over recovery requests from users or the overall business.
No Maintenance: SaaS solutions are delivered to their customers in cumulative updates that are handled by the vendor. This means organizations that leverage backup-as-a-service don’t have to plan for outages or schedule change requests to ensure their solution is running the most up-to-date supported version.
Platform Flexibility: SaaS solutions today tend to support the protection of multiple platforms. This means organizations can maintain license agreements with Microsoft, Google, Salesforce, and other providers as needed, but decide on one single vendor for its entire backup and recovery strategy.
Defined Options: With SaaS solutions the vendor generally delivers all features and capabilities to its user community. This means the same solution is designed to work for small businesses and massive enterprises; therefore, vendors don’t usually risk the fidelity of their solution by providing SDK/API access to augment or alter its capabilities to meet a unique need of one customer.
While every organization has different priorities when choosing a backup and recovery solution, they all need to make the same considerations when finding the right match. Start by ruling out solutions that don’t meet your basic requirements. For example, if you need Microsoft 365 data to be recoverable beyond 93 days, you can rule out the out-of-box option as a sufficient solution. Second, consider if your organization has the server resources and subject matter expertise to build and support a custom solution or maintain an appliance from a third-party vendor. Decide if the cost of ownership is worth it before ruling out these options.
Once you’ve ruled out any options based on dependencies like functional requirements and cost of ownership, you can start to consider the nice-to-have’s about a solution. For instance, some organizations prefer to automate the backup process or registration of new content, or they simply prefer to have one vendor to support the protection of multiple systems such as Microsoft 365, Salesforce, and Google Workspaces. These organizations, like many others for countless other reasons, choose to work with a SaaS vendor such as AvePoint to meet all their cloud backup and recovery needs.